WordPress.Security.SafeRedirect.wp_redirect_wp_redirect

wp redirect wp redirect

Plugin Check reported a security-sensitive coding pattern that needs review.

critical weight

Why It Shows Up

The finding came from a security-focused WordPress coding standard or Plugin Check rule.

Why It Matters

Security findings often involve trust boundaries: request input, browser output, redirects, database access, capabilities, or filesystem behavior.

How to Fix

  • Identify the untrusted value or privileged action involved.
  • Add validation, sanitization, escaping, nonce checks, capability checks, or prepared SQL as appropriate.
  • Rerun Plugin Check after the code path is fixed.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#101Pay For Post with WooCommerce219601,4741k+Non-prefixed global variable
#102PPOM – Product Addons & Custom Fields for WooCommerce213361,32220k+Non-prefixed global variable
#103Wordfence Security – Firewall, Malware Scan, and Login Security211,5922,9735m+Output is not escaped
#104WP Compress – Instant Performance & Speed Optimization213,3673,25310k+Non Singular String Literal Domain
#105WP-Lister Lite for eBay216,6975,1292k+Output is not escaped
#106WP phpMyAdmin214,5286,43550k+Missing Arg Domain
#107wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin211,8111,43270k+Output is not escaped
#108WP Extended – The Ultimate WordPress Toolkit211,253398600Non Singular String Literal Domain
#109WPScan – WordPress Security Scanner215272658k+Text Domain Mismatch
#11012 Step Meeting List22156593900Non-prefixed global variable
#111Frontend Admin by DynamiApps225,9223,20810k+Text Domain Mismatch
#112WP Sessions Time Monitoring Full Automatic228691,529500Non-prefixed global variable
#113Advanced Classifieds & Directory Pro221,2293,5112k+Non-prefixed global variable
#114Advanced Form Integration — Connect Forms to 200+ Apps225,7714,67810k+wp function not compatible with requires wp
#115Ajax Load More – Infinite Scroll, Load More, & Lazy Load2264159540k+Unsafe printing function
#116All-in-One Video Gallery229112,89220k+Non-prefixed global variable
#117Booking for Appointments and Events Calendar – Amelia221,48948090k+Exception output is not escaped
#118Shortcodes and extra features for Phlox theme2241342690k+Output is not escaped
#119Backup Bolt225801,313800Non-prefixed global variable
#120Knowledge Base documentation & wiki plugin – BasePress Docs226711,7672k+Non-prefixed global variable
#121Better Messages – Chat Rooms, Group Chat, Private Messages & AI Chat Bots221,6072,02210k+Direct Query
#122Cart Lift – Abandoned Cart Recovery for WooCommerce and EDD226697691k+Output is not escaped
#123Cleanup Action Scheduler225451,3061k+Non-prefixed global variable
#124Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer222,8581,27050k+Text Domain Mismatch
#125Accept PayPal Payments using Contact Form 722359127600Text Domain Mismatch
#126Passster – Password Protect Pages and Content225391,41910k+Non-prefixed global variable
#127Cozy Blocks – Page Builder for Gutenberg Editor & FSE with 500+ Patterns, 57 Blocks & Templates222,1674,1757k+Non-prefixed global variable
#128RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login223,6545,0618k+Non-prefixed global variable
#129WP Customer Area223,30894110k+Text Domain Mismatch
#130Directorist: AI-Powered Business Directory, Listings & Classified Ads225482,17220k+Non-prefixed global variable
#131DirectoryPress – Business Directory And Classified Ad Listing224,7872,795800Text Domain Mismatch
#132Download Manager222,2821,352100k+Output is not escaped
#133Diverse Solutions IDX Real Estate Listings & MLS Search227456051k+Heredoc Output Not Escaped
#134Dynamic QR Code – generator222382086k+Missing direct file access protection
#135E2Pdf – Export Pdf Tool for WordPress221,07583610k+Unsafe printing function
#136easyReservations225,3072,480800Text Domain Mismatch
#137EleSpare – News, Magazine and Blog Addons for Elementor227331,42310k+Non-prefixed global variable
#138Employee Spotlight – Team Member Showcase & Meet the Team Plugin22247689400Non-prefixed hook name
#139Estatik Real Estate Plugin223,04932510k+Text Domain Mismatch
#140Events Maker by dFactory225888191k+Output is not escaped
#141Events Manager – Calendar, Bookings, Tickets, and more!224,7115,66070k+Output is not escaped
#142Falang multilanguage for WordPress227167691k+Output is not escaped
#143Finale Lite – Sales Countdown Timer & Discount for WooCommerce221,0314514k+Output is not escaped
#144FireBox Popups – Increase Sales and Grow Your Email List221538127k+Non-prefixed global variable
#145Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder22409236700k+Text Domain Mismatch
#146Notification Bar, Announcement and Cookie Notice WordPress Plugin – FooBar221,3211,3713k+Non-prefixed global variable
#147FunnelKit Payment Gateway for Stripe WooCommerce2224432120k+Input is not sanitized
#148GeoDirectory – WP Business Directory Plugin and Classified Listings Directory224,4663,97210k+Output is not escaped
#149Happyforms – Form Builder for WordPress: Drag & Drop Contact Forms, Surveys, Payments & Multipurpose Forms221,03772220k+Unsafe printing function
#150Heureka22557254400Exception output is not escaped